使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

I cannot configure an SSL/TLS certificate for an Amazon Linux 2023 instance.

0

Hello there,

I created an instance in EC2 and I selected Amazon Linux 2023 as the operating system. I want to configure an SSL/TLS certificate for an Amazon Linux 2023 instance, but I cannot configure it successfully. The specific situation is that I followed the official tutorial provided by AWS: <Configure SSL/TLS on AL2023 (link: https://docs.aws.amazon.com/linux/al2023/ug/SSL-on-amazon-linux-2023 .html)>. After completing the steps provided in the OpenSSL dialog box and entering the "openssl x509 -in certificate.crt -text" command for verification, the following error appears:

  • "Could not open file or uri for loading certificate from certificate.crt 809B27381F7F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:crypto/store/store_register.c:237:scheme=file 809B27381F7F0000:error:80000002:system library:file_open:No such file or directory:providers/implementations/storemgmt/file_store.c:267:calling stat(certificate.crt) Unable to load certificate". * I don't know which link caused the problem. Supplement:Two certificates (apache-selfsigned.crt) have been generated in the "/etc/pki/tls/certs" directory and localhost.crt), but they don't seem to have any effect!

I suspect that the certificate cannot be automatically renewed according to the instructions provided in the document. After all, manually renewing the certificate each time is too troublesome and carries certain operational risks. So I wanted to use the third-party tool Certbot to enable the automatic renewal function for the certificate (website link: https://certbot.eff.org/instructions?ws=apache&os=pip). I chose "Apache on Pip". After entering the "sudo certbot --apache" command, "Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain." Please add a virtual host for port 80." error. This confuses me! I have clearly opened port 80 and can access the site normally through http. Why is it still prompted that the virtual host listening on port 80 cannot be found? Does anyone know what is going on?

Thanks in advance!

Karl

主题
计算物联网 (IoT)
标签
亚马逊 EC2传输层安全性 (TLS)亚马逊 Linux
语言
English
Karl
已提问 4 个月前588 查看次数
3 回答
0

Hello.

In addition to opening port 80, try setting up a virtual host in Apache.
Specifically, try adding the following settings to the end of "/etc/httpd/conf/httpd.conf".

NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin root@example.com
DocumentRoot /var/www/html
ServerName example.com
</VirtualHost>
profile picture
专家
Riku_Kobayashi
已回答 4 个月前
0

Hi,

I want to configure SSL/TLS certificates for subdomains of the domain name at the same time (such as example.com and www.example.com), but I find that I can only complete one of them. Which link did the problem occur?

Best wishes! Karl

Karl
已回答 4 个月前
0

Hi,

Is there any way to add example.com's subdomain www.example.com to the certificate request list?

Best wishes! Karl

Karl
已回答 4 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容